This copy is for your personal non-commercial use only. To order presentation-ready copies of Toronto Star content for distribution to colleagues, clients or customers, or inquire about permissions/licensing, please go to: www.TorontoStarReprints.com

Forget CSIS — it’s political parties that own our privacy

By Jon Penney

Mon., March 17, 2014

Guess what governmental institution has growing capability, sophistication and intent to collect information and data about Canadians en masse — including voting habits — and can do so nearly unfettered by law? CSEC? Nope. CSIS? Try again. The right answer is the CPC, LPC, and NDP — and any other federal political parties.

What’s more, the federal government is about to expand the mass data collection capacity of political parties even further with a new law — the Fair Elections Act. To the contrary, it's time to rein the political parties in.

On Parliament Hill, protesters voice their disapproval of the the robocalls affair, March 5, 2012. (Sean Kilpatrick / THE CANADIAN PRESS)

Information privacy protection — and transparency about government data collection — is far from perfect in Canada. We are slowly coming to appreciate this in relation to our national security and electronic spy agencies.

But even CSEC, with its vague mandate and unnecessarily broad surveillance powers, is covered by the federal Privacy Act. That law prevents government departments from sharing our personal information with third parties without our consent. It also gives citizens the right to know what data the government has about them. CSEC also can’t gather data on Canadians when abroad. The Conservative Party of Canada? Not so much.

Indeed, political parties are increasingly deploying mass citizen data collection and retention technologies, along with large scale databases, for sophisticated voter identification strategies and targeting. Often, as seen with various Elections Canada investigations, those strategies can promote mass voter suppression and other anti-democratic aims.

Article Continued Below

Stronger personal information and data collection protection against federal political parties is both urgent and democratically essential.

Yet, none of Canada’s patchwork of statutory privacy protections, as thin as it is, apply to federal political parties. Besides being exempted from the Privacy Act, federal parties also escape the requirements of federal privacy legislation covering the private sector — the Personal Information and Protection of Electronic Documents Act.

PIPEDA, like its public sector counterpart, prevents companies who gather personal data about us from sharing that data without our consent. Even when the federal government proposed “data breach” notice requirements to PIPEDA in 2011, federal parties would have faced no such restrictions.

What about Canada’s anti-spam legislation? Enacted in 2010, it specifically targeted spam that posed a threat to our personal information and data — identity theft, phishing, and spyware — yet it also excluded the federal political parties.

And despite these near unfettered powers to spam us, collect data about us, and to share that information as they wish, the federal government is proposing to expand these data collection powers even further with the Fair Elections Act.

If passed as is, the act would, as Chief Electoral Officer Marc Mayrand has pointed out, give federal parties a right to all voter statements (those “bingo” cards we use to vote), which will let them track and retain data about precisely who voted and who did not. In ways, this allows parties to also side-step the lone information controls imposed on them — restrictions on the use of voter lists obtained from the Chief Electoral Officer — by giving them the power to create their own, more intrusive, voter lists.

The Fair Elections Act also allows party representatives at the voting booth to “examine” evidence of identification provided by voters. Another unnecessary privacy intrusion without explanation.

Article Continued Below

There is absolutely no justification for giving federal parties a free ride to trample on Canadian privacy interests. We have already seen with the case of Pierre Poutine and other Robocall controversies how citizen data in these mass voter databases — like the CPC’s CIMS — is easy to share, access difficult to control, and abuses even more difficult to track. Political parties should have to play by the same rules as everyone else.

This is no longer just a question of privacy. The democratic process is now at stake.

Jon Penney teaches law at Dalhousie and is a research affiliate of the Berkman Center for Internet &amp; Society at Harvard and a Research Fellow at The Citizen Lab at U of T’s Munk School of Global Affairs. Follow him on twitter at @jon_penney

More from The Star & Partners

LOADING

Copyright owned or licensed by Toronto Star Newspapers Limited. All rights reserved. Republication or distribution of this content is expressly prohibited without the prior written consent of Toronto Star Newspapers Limited and/or its licensors. To order copies of Toronto Star articles, please go to: www.TorontoStarReprints.com